Abstract
Rapid changes in computing technology and the expanding prevalence of the internet have brought internet use into all sectors of society. As a side effect, malicious code and damage from hacking are growing rapidly, and the techniques are becoming more varied. To reduce the damage and respond more aggressively to attacks, attackers’ attack patterns and information should be collected. In this paper, we propose a system that builds a honeypot farm from dynamically created virtual machines, combining honeypots, which collect attack information, with virtualization technology. The created virtual machines are managed by VMSC, and a protocol-based intrusion detection system, which shows stable performance under mass traffic, is applied to detect attackers’ intrusions. To confirm the performance of the proposed system, attack attempts and the attack detection rate were measured, and the experiments confirmed good performance.
Cite this article
Yang, HS. A study on attack information collection using virtualization technology. Multimed Tools Appl 74, 8791–8799 (2015). https://doi.org/10.1007/s11042-013-1487-8
DOI: https://doi.org/10.1007/s11042-013-1487-8